Mike Hansen

Recent Posts by Mike Hansen:

We have added two more videos in the Tips from the Trenches Series free video based training, explaining how to configure and use Nexus Firewall to block and quarantine open source components with known vulnerabilities.

The quantitative research summarized below, covering over 7,000 repositories across nearly 100 countries, highlights some of the challenges with quality at modern development velocities. You can respond by leveraging automation in your repository manager to improve application quality and reduce rework while lowering exposure to risk.

The quantitative research summarized below, covering over 7,000 repositories across nearly 100 countries, highlights some of the challenges with quality at modern development velocities. By leveraging automation in your repository manager, you can improve application quality and reduce unplanned work while lowering exposure to risk.

As we’ve been busy building out the Insight product line we’ve spent significant time considering the issues associated with “conflicting” and “invalid” licenses -- licenses which upon consumption preclude further redistribution without being in violation of the licensing terms. Conflicting (or incompatible) licenses are problematic for development organizations using open source software as there is no effective way to consume and then redistribute the software (or derivative work). You simply cannot combine GPL and EPL 1.0, for example, because it is not possible to maintain compliance with all licensing obligations specified by both under any licensing construct upon further distribution. EPL cannot be consumed within GPL and vice versa. See http://www.gnu.org/licenses/license-list.html#EPL for additional information.

If you consume both EPL and GPL in a Maven POM or another build, and then you subsequently ship that software, you would not be able to satisfy your obligations as a distributor and would therefore be in violation of one or both of the licenses. As developers, we have enough to worry about already. This a job best done by the tools we use -- in this case Insight for CI and Nexus Professional. Depending on your circumstances, having your CI system alert upon detecting incompatible licensing constructs at build time reduces risk and costs by catching problems early in the development lifecycle.